This firewall script was originally written by Patrik Hildingsson (firstname.lastname@example.org)
and was enhanced and security-checked by Marc Schoechlin :-)
This script is free software under the terms of the BSD licence.
Don't install this in production environments until you have checked the rules/tables with your own eyes.
Please report improvements / bug fixes to email@example.com
- Kernel 2.4.X
- standard shell utilities
(Hold down the Shift key while clicking the link, so the browser saves the script instead of displaying it.)
> mkdir /etc/<your firewalldir>
> cp ./rc.firewall /etc/<your firewalldir>
> cd /etc/<your firewalldir>
> ./rc.firewall # This creates some files in your firewalldir
Now edit /etc/<your firewalldir>/firewall.conf and open only the ports you need.
> ./rc.firewall start # to start the firewall
> ./rc.firewall stop # to stop the firewall
Verify that everything works :-)
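"Verify that everything works" should mean more than "the script exits without errors". The following check script is an added example, not part of rc.firewall: it reads the output of `iptables -L -n`, confirms that the INPUT and FORWARD chains default to DROP, and compares the TCP ports ACCEPTed in INPUT against the list you opened in firewall.conf. The sample dump embedded in the script is constructed so the check can be tried without root or a running firewall; the function names and the expected-port list are assumptions for this example.

```shell
#!/bin/sh
# check_fw.sh - added example, not part of rc.firewall.
# Sanity-checks an `iptables -L -n` dump: default policies and open TCP ports.

# Constructed sample of what `iptables -L -n` prints for a ruleset that
# opens ssh (22) and http (80) and drops everything else on INPUT/FORWARD.
SAMPLE_DUMP='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# chain_policy DUMP CHAIN -> prints the default policy of CHAIN (e.g. DROP)
chain_policy() {
    printf '%s\n' "$1" | sed -n "s/^Chain $2 (policy \([A-Z]*\)).*/\1/p"
}

# open_tcp_ports DUMP -> prints the TCP destination ports ACCEPTed in the
# INPUT chain, one per line, numerically sorted
open_tcp_ports() {
    printf '%s\n' "$1" | awk '
        /^Chain / { inchain = ($2 == "INPUT") }
        inchain && $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dpt:/) { sub(/^dpt:/, "", $i); print $i }
        }' | sort -n
}

# check_ruleset DUMP EXPECTED_PORTS -> returns 0 only if INPUT and FORWARD
# default to DROP and the open TCP ports are exactly EXPECTED_PORTS
# (space separated, any order); prints every deviation on stderr
check_ruleset() {
    dump=$1; expected=$2; rc=0
    for chain in INPUT FORWARD; do
        pol=$(chain_policy "$dump" "$chain")
        if [ "$pol" != "DROP" ]; then
            echo "FAIL: chain $chain policy is '${pol:-missing}', expected DROP" >&2
            rc=1
        fi
    done
    got=$(open_tcp_ports "$dump" | tr '\n' ' ' | sed 's/ $//')
    want=$(printf '%s\n' $expected | sort -n | tr '\n' ' ' | sed 's/ $//')
    if [ "$got" != "$want" ]; then
        echo "FAIL: open TCP ports '$got', expected '$want'" >&2
        rc=1
    fi
    return $rc
}

# Usage: ./check_fw.sh 22 80   (checks the live `iptables -L -n` output, as root)
#        ./check_fw.sh         (runs against the constructed sample above)
if [ "$#" -gt 0 ]; then
    check_ruleset "$(iptables -L -n)" "$*"
else
    check_ruleset "$SAMPLE_DUMP" "22 80"
fi
```

Run it after `./rc.firewall start` with the port list from your firewall.conf; a non-zero exit means the loaded ruleset differs from what you configured, which is exactly the case the warning at the top of this file is about.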
Integrate the script into the SysV init scheme by creating the following links (use the path you copied the script to):
> ln -s /etc/<your firewalldir>/rc.firewall /etc/rc.d/init.d/rc.firewall
> ln -s /etc/<your firewalldir>/rc.firewall /etc/rc.d/rc3.d/S<ordernumber> # Starts the script when entering runlevel 3
> ln -s /etc/<your firewalldir>/rc.firewall /etc/rc.d/rc0.d/K<ordernumber> # Stops the script on halt (runlevel 0)
> ln -s /etc/<your firewalldir>/rc.firewall /etc/rc.d/rc6.d/K<ordernumber> # Stops the script on reboot (runlevel 6)
Note: K links are run when *entering* a runlevel, so a K link in rc3.d would stop the firewall on the way into runlevel 3, not on the way out; stop links belong in the halt/reboot runlevels.
If you want to use it, you need:
- Linux kernel 2.4.7 with the netfilter patch-o-matic patches applied.
- The latest netfilter CVS or a local copy of iptables 1.2.2 (the netfilter userspace package). It WILL work with a vanilla Linux 2.4.7 kernel.
- cd into the patch-o-matic directory and type ./runme. Then do make all, make install and finally make install-devel.
- These are the required kernel (2.4.7) patches from patch-o-matic to run my script with all options ON:
- dropped-table: ONLY for users not using the CVS or iptables 1.2.3.
- string (NEW, required by 4.5c-3 and later). There's a bug in the iptables 1.2.2 string match:
to fix it, edit extensions/libipt_string.c,
find BM_MAX_LEN and replace it with BM_MAX_NLEN.
That should eliminate the compilation problem.